spectre-meltdown-checker
spectre-meltdown-checker copied to clipboard
speed47
Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
Running from a container-image with podman: ``` + podman run --privileged --rm --volume /boot:/boot:ro --volume /dev/cpu:/dev/cpu:ro --volume /lib/modules:/lib/modules:ro spectre-meltdown-checker --update-fwdb Spectre and Meltdown mitigation detection tool v0.45 Fetching MCE.db from...
Running from a container-image with `podman`: ``` + podman run --privileged --rm --volume /boot:/boot:ro --volume /dev/cpu:/dev/cpu:ro --volume /lib/modules:/lib/modules:ro spectre-meltdown-checker --kernel /boot/kernel-5.18.12-gentoo --config /boot/config-5.18.12-gentoo --map /boot/System.map-5.18.12-gentoo -v -v Spectre and Meltdown...
Are there plans to update this project to include the checks for the CVE's discovered as part of Retbleed (CVE-2022-29900 and CVE-2022-29901)? Ref: "https://comsec.ethz.ch/research/microarch/retbleed/"
https://www.phoronix.com/scan.php?page=news_item&px=MMIO-Stale-Data-Vulnerabilities
This PR fixes #429 by these changes: 👷 add a fancy GitHub action for 'shellcheck' and 'shfmt' 👷 moved 'shellcheck' and 'check indentation' to new GitHub Action 🚨 fix 'shellcheck'...
Your `spectre-meltdown-checker.sh` is already `shellcheck`'ed, but you don't have a **GitHub Action** to enforce this before a Pull Requests can be merged. And I have seen, that you are doing...
Check the status of the mitigations indicated by the 'Branch History Injection and Intra-mode Branch Target Injection: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html
You can check for the new MSR 0x10F for TSX-disabled CPUs 0x10F - see https://www.intel.com/content/www/us/en/support/articles/000059422/processors.html I got this message only in --paranoid mode
Running `docker-compose up` reveals several UNKNOWN results like the following: ``` spectre-meltdown-checker | * iTLB Multihit mitigation is supported by kernel: UNKNOWN (missing 'unzstd' tool, please install it, usually it's...
